icedtea-web contains a flaw that is due to the program failing to check the format of downloaded JAR files, which can allow users to utilize the 'GIFAR' flaw and combine a GIF image with a Java JAR file into a single file. This may allow a context-dependent attacker to upload a GIF image file, which then executes arbitrary code from the Java Applet that it contains.